projects / krb5.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 4e609bf)
Handle authdata encrypted in subkey
authorSam Hartman <hartmans@mit.edu>
Fri, 3 Apr 2009 05:36:25 +0000 (05:36 +0000)
committerSam Hartman <hartmans@mit.edu>
Fri, 3 Apr 2009 05:36:25 +0000 (05:36 +0000)
RFC 4120 requires that if a subkey is present in the TGS request that
authorization data be encrypted in the subkey.  Our KDC did not handle
this correctly.

ticket: 6438
target_version: 1.7
tags: pullup

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22168 dc483132-0cff-0310-8789-dd5450dbe970

src/kdc/kdc_authdata.c patch | blob | history

diff --git a/src/kdc/kdc_authdata.c b/src/kdc/kdc_authdata.c
index 315269c2af3f24b76c3a576c578e43092a362d48..fd2e3ab5b34e6886a06e9cbf8b051aa1ecd1fdd8 100644 (file)
--- a/src/kdc/kdc_authdata.c
+++ b/src/kdc/kdc_authdata.c
@@ -403,6 +403,13 @@ handle_request_authdata (krb5_context context,
                          KRB5_KEYUSAGE_TGS_REQ_AD_SESSKEY,
                          0, &request->authorization_data,
                          &scratch);
+    if (code != 0)
+       code = krb5_c_decrypt(context,
+                             client_key,
+                             KRB5_KEYUSAGE_TGS_REQ_AD_SUBKEY,
+                             0, &request->authorization_data,
+                             &scratch);
+
     if (code != 0) {
        free(scratch.data);
        return code;
MIT implementation of the Kerberos network authentication protocol. This repo may be rebased, so don't base your work on it. Use git://github.com/krb5/krb5 instead.